Tag: contactless and nfc

And they vote, too

16th February 2011by Consult Hyperion2 Comments

Last year, I read a Deutsche Bank Research note about mobile payments that was given to me in a meeting with one of our clients (E-Banking Snapshot 34, August 2010). It highlighted a Forrester Research finding that 74% of European consumers and 64% of US consumers are not interested purchasing goods or services via their mobile phones and said that this means there are substantial barriers to adoption of mobile payments. Well, there are certainly substantial barriers to the adoption of mobile payments, but in my experiences consumers are not one of them. Quite the reverse: in every project that I have been involved in, consumers have loved buying things using their mobile phones. The discrepancy comes, I think, because when you ask consumers about something in new in a field they don’t care about (let’s face it, consumers don’t really spend that much time thinking about payments) they will react conservatively. Say to the average British consumer “would you like to use your mobile phone to pay for cups of coffee” and they can’t envisage what you are talking about, especially if they don’t live in London and use Oyster all the time or use 2D barcodes for travel tickets or whatever.

In a survey of 2,500 members of Springboard UK, the market research experts, on behalf of Vision Critical, half of respondents (51%) reported being fairly or very uncomfortable at the prospect of mobile payments.
[From British ‘uncomfortable’ about making mobile payments – Marketing news – Marketing magazine]

When consumers are given a mobile payment system that works and is convenient, adoption is rapid. Incidentally, in that survey only a fifth of consumers said they were interested in a prepaid wallet. I’ve heard this over and over again: one of the arguments against substituting cash (which most consumers don’t see as a pre-paid product) with some form of “purse” product is that people don’t want to pay up front for good or services that they might use in the future. Fair point. Oh, wait…

Starbucks Corp. customers loaded a record $700 million on to the Seattle coffee chain’s prepaid card accounts during its most recent quarter, up 39% from a year earli
[From Starbucks Prepaid Loads Jump 39% – American Banker Article]

Turns out that if you know stuff about marketing, consumer behaviour, distribution, management, convenience, payment choices, advertising, incentives and, above all, retailing then customers are only to happy to go with mobile prepaid. That’s how come Starbucks went from a mobile payments experiment…

The ultimate goal of the program is to get customers to trade in their physical Starbucks Cards for the digital variety — it’s a time saving exchange for the customer and a cost saving exchange for the company. Already, one in five of all in-store transactions are paid for via Starbucks Card (mobile or physical), and more than $1 billion will have been loaded on to cards by year’s end.
[From Starbucks in New York Now Accepting Mobile Payments | The Total Footballer]

…to a national roll-out in a quarter. Our good friend Brett King gave the Starbuck’s national mobile payment scheme a try and said that

this is far superior to a current interaction using cash or a card for a number of reasons. This gives us a glimpse of what the cashless society will be like; it isn’t risky, it isn’t subject to fraud or theft, it is safe, secure and fast.
[From Brett King: Starbucks Mobile Payments — The Future Is Coming Fast (VIDEO)]

We all know that mobile will be the focus for the evolution of retail payments, and I think the message is getting out. Eric Schmidt’s talk at Barcelona — saying that NFC will be profitable — attracted a great deal of attention, mainly from people who didn’t listen to what he said when still CEO of Google.

Google wants the next generation of Android phones to replace credit cards, Eric E. Schmidt, Google’s chief executive, said Monday at the Web 2.0 Summit in San Francisco. The newest version of Android, Google’s mobile phone operating system, code-named Gingerbread, will come out in a few weeks, he said. It will include NFC…
[From Schmidt: Android Phones Will Be Credit Cards – NYTimes.com]

There’s still a long way to go in the mass market though, and it’s fair enough to comment on it. Consumers, journalists, commentators don’t yet understand how this new infrastructure is going to work. But I think that’s about to change. Britain’s biggest retailer is Tesco, so they are a benchmark for the acceptance of new technology, and they are going to go contactless this year.

Tony Saunders is the director of marketing for VeriFone in Europe, the Middle East and Africa… Saunders told us that within six months, Tesco will be rolling out near-field communications capabilities to its 35 – 38,000 checkouts across Britain
[From The future of the high street: near-field communication (Wired UK)]

This might be connected with a story that I touched on before in another context, illustrating the point about the ability of retailers to exploit the new contactless technologies in interesting ways.

Tesco will relaunch its Clubcard scheme as an online rewards programme as it gears up to reach customers in the digital age. Developing a ‘secure, multichannel’ smart card, the UK retailer will move the scheme to digital channels in an effort to simplify its rewards programme and cut down on direct-mail costs.
[From Tesco will relaunch Clubcard scheme in 2011 : WCJB]

Incidentally, I didn’t quite understand the rest of the Wired story, so I dropped an e-mail full of NFC articles to the reporter who had said that

The only obstacle could be similar, but proprietary, technologies set up by banks — which are known as “contactless” payment options. Barclays’ contactless cards are a good example, as are Visa’s PayWave cards, which are being trialled in Europe using an iPhone dongle.
[From The future of the high street: near-field communication (Wired UK)]

I shouldn’t make fun. The technology might be old to us, but it’s new to the mass market. And I should not that it isn’t just UK journalists who get a bit confused.

For example, special payment stickers are available already that allow merchants to NFC-enable their point of sale terminals by simply affixing a sticker to the terminal, Litan said. Such stickers go for as little as $18
[From Analysts: Apple could disrupt mobile payment industry | BappProducts | iOS Central | Macworld]

Wait, what? I think the journalist got the wrong end of the stick on this one! Let’s be clear. The contactless payment schemes are NFC and the cards, phones, stickers, watches, hat, badges or anything else will all work with the NFC POS terminals. The key point here is that the retailers are rolling out NFC at POS not just because they want to accept NFC contactless cards, which many of them don’t really care about, but because of NFC contactless phones, which promise an entirely new mobile shopping experience. The retailers want mobile wallets as soon as they are practical, because the value-adding opportunities around coupons, loyalty, location-based marketing and all sorts of other things besides payments are so great.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

How d’ya like them Apples?

30th January 2011by Consult Hyperion2 Comments

WIth Apple’s domination of media mindshare almost total, the fact that you can already buy other handsets with NFC in them (eg, the Google Nexus S and the Nokia C7, although both are currently software-limited) and that the first Blackberry handsets are imminent has been overlooked. All press comment (I know, because I contributed to some of it) has been about the iPhone. One of the questions that I was asked, repeatedly, was about iTunes morphing into a new payment scheme.

“They have 160 million users with digital wallets in iTunes accounts. They don’t have to do anything other than to NFC-enable their phones,” Litan said.
[From Analysts: Apple could disrupt mobile payment industry | BappProducts | iOS Central | Macworld]

They do have numbers on their side, that’s true. But as we all know, payments is a two-sided market, so there has to be a reason for the merchants to get on board too.

For merchants, an Apple payment system could prove attractive. Many merchants are raring for alternative payment systems, to avoid having to pay the hefty fees that credit card companies charge for every transaction.
[From Analysts: Apple could disrupt mobile payment industry | BappProducts | iOS Central | Macworld]

Yes, but how will Apple avoid them? Everything I buy on iTunes goes to my MasterCard. Sure, Apple aggregates the payments, but the banks don’t provide this service for free, even for Steve Jobs. In order to avoid having to pay credit card fees, Apple would have to do what PayPal does and start persuading people to sign up with their bank account details, which would in turn mean building the kind of anti-fraud platform that PayPal have been building for a decade. And why would they do that? It seems like a lot of non-core investment to commit to.

This investment is needed because the biggest problem will be security. So long as my iTunes password only allows you to buy music tracks for my iPod or games for my iPad or note-taking applications for my Macintosh, to risk is manageable. But if my iTunes password allows you to walk out of a store with a pair of shoes or a telly, then my iTunes password will become valuable. Microseconds after extending iTunes payments to retail stores, Apple would be dealing with millions of customers calling up because their passwords had been phished, copied, guessed.

Japanese police have arrested two people suspected of stealing virtual goods from players of online game Lineage II. The pair tricked victims via a booby-trapped program that claimed to help people play the game. Instead of boosting a character’s abilities the program stole account names and passwords.
[From BBC News – Lineage II pair arrested for stealing virtual goods]

I’m sure Apple are perfectly well aware of this kind of crime and know that were iTunes to become a general payment paltform, then it would become widespread. This is hardly wild projection, since the phishing of iTunes accounts is already widespread.

It least one group of scammers has found a way to charge thousands of dollars to iTunes accounts through PayPal. One targeted customer told us, “My account was charged over $4700. I called security at PayPal and was told a large number of iTunes store accounts were compromised.”
[From Fraudsters Drain PayPal Accounts Through iTunes]

I’m sure Apple already has lots of people working on this problem but ultimately it’s very difficult to stop people from giving away their passwords and I’m sure the phishers will soon learn to send out the right kind of e-mail messages.

Roughly 50,000 Apple iTunes accounts stolen by hackers are said to be for sale on China’s largest auction site.
[From 50,000 Stolen iTunes Accounts On China Auction Site — Apple iTunes — InformationWeek]

The underlying problem is, of course, that passwords are not security and no-one should be allowed to use the phrase “password security” in any serious context. So long as the cost of phishing, guessing or actually breaking passwords is fantastically less than the value of the account that they give access to, there is no solution.

Thomas Roth of Cologne, Germany told Reuters he used custom software running on Amazon’s Elastic Compute Cloud service to break into a WPA-PSK protected network in about 20 minutes. With refinements to his program, he said he could shave the time to about six minutes. With EC2 computers available for 28 cents per minute, the cost of the crack came to just $1.68.
[From Researcher cracks Wi-Fi passwords with Amazon cloud • The Register]

Ah, you might say, but suppose Apple implements a Secure Element (SE) for NFC and that SE uses standard PKI applications on industry-standard Global Platform in an industry-standard JavaCard. Then a thief would have to steal the iPhone as well as the password, and this indeed true. Apple could implement an identity-based payment mechanism and persuade merchants to install the contactless terminals, implement the new scheme and pay Apple instead of paying the banks (whose fees have just been capped by the Durbin amendment.

Again, why bother. You may as well do a deal with a bank to put a contactless EMV application in the SE. But suppose you are not going to care about anything at retail POS — except in your own stores — but instead want to improve security and convenience for customers in general? Imagine this scenario a year from now: I log in to iTunes and it gives me the option of switching to two-factor authentication. (Apple wouldn’t call it that, they have better marketing people – suppose they call it Apple Passport or something like that, maybe iMe or whatever.) I accept. From then on, when I log in to iTunes on my iPhone, I don’t noticed anything different, but under the hood iTunes is sending a digitally-signed challenge to a digital signature application in the SE. It’s decoded using Apple’s public key, and signed using my public key (which, of course, Apple know) and sent back. Sorted. Now with this strong authentication, Apple can have higher-priced items for sale via iTunes. When I log in on my PC, a message pops up on my iPhone and I have to enter my passcode. Under the hood, the same process. Now you have to steal my passcode and my iPhone.

A little later, I’ll be given the option of making my OSX login “iMe only” and so on.

If anyone can bring PKI to the masses, Apple can. Soon, other companies will negotiate with Apple to join “iMe Connect” and because it is more secure than a password, they will pay to use it. There are payments applications for this (it means that mobile payments can be lifted beyond ringtones and music tracks, and at a lower margin than operators) but I don’t see them as being central to the business proposition, because people will be using their iPhone to log in to everything (internet banking, shopping, government) and then, because of the NFC interface, they will begin to use it to “log in” in Apple retail stores and then, soon, enough, other places. Meanwhile, credit cards and Bling, Amex and PIN debit will all be loaded into the SE anyway, so customers will find themselves using their iPhones to get on BART and pay in CVS. This will save the issuers money, because they don’t need to issue the plastic, so they can offer a good deal. Andrew Johnson was surely right to point this out in American Banker.

In the end, banks have a lot to gain by being willing to give pricing concessions to Apple in exchange for getting their payment card information directly located in Apple’s mobile wallet service. Doing so could give those banks a first-mover advantage.
[From In Apple Mobile Pay Plans, a Possible Opening for Banks – American Banker Article]

Apple doing the identification and micropayments, leaving larger payments to the finance sector who will in turn pay Apple. Now we can see the real play, and a first-rate strategy for the next phase of online evolution: own identity and authentication. ITunes as a payment scheme to rival cards, PayPal, iDeal? No. iTunes as a payment scheme to get people used to logging into things with their iPhones? Plausible. iTunes as something that delivers a variety of customer communication and management option of real value to merchants (a cross between Barclaycard Freedom, Bling and Taggo)? Yes. Why? Because knowing who someone is is so much more valuable than a small slice of their payments, a fact that informed industry observers have pointed to since the Apple/NFC rumourmongering began.

the real revenue streams to Apple will not be from “interchange” but from advertising as iAD provides the “Yang” to the NFC’s “Ying”. Creating a new payment ecosystem means having incented partners. The timing on Apple’s iAD and NFC developments are not accidental, my belief is that they are part of a very solid mCommerce expansion strategy.
[From Apple’s NEW NFC Patent « New Ventures in Financial Services]

Look, I don’t know what Apple’s strategy is any more than you do, but from the perspective of helping clients to formulate their own broad strategies for NFC, payments, value-added payment services and identity, this is a reasonable strawman, which is why we’ve been using it.

Mobile challenges to the financial sector

20th January 2011by Consult Hyperion1 Comment

What’s big in payments right now? I don’t think we have to guess. Our good friends at PaymentsNews have already pointed out that

Two payment-related themes are emerging from NRF conference being held this week in New York: POS encryption/tokenization and mobile payments acceptance.
[From Payments News from National Retail Federation BIG Show 2011]

One of these themes is all about reducing costs (the costs of PCI-DSS compliance are very high, but I don’t want to talk about them in this post), the other about creating new opportunities. It’s hard to argue with this prioritisation: mobile has to be the no.1 strategic issue. But new opportunities for who? The mobile operators? The international payment schemes? The banks? Chetan Sharma’s survey says that it will be the schemes. I’m not so sure, because it would mean that current value networks will be substantially unchanged through the transition, which doesn’t seem right to me.

Can the current payments landscape of banks issuing cards being accepted at merchants being acquired by other banks translate into the mobile environment? We (the industry) used to think that banks and mobile operators would eventually get around to being pals and would sort things out to set the new value network in motion. Will they? Who knows: but the barbarians are at the gate. Eric Schmidt, the Google CEO, writing in the Harvard Business Review, set out Google’s strategic priorities for the coming year:

Second, we must attend to the development of mobile money.
[From Preparing for the Big Mobile Revolution – HBR Agenda 2011 – Harvard Business Review]

Wow. Mobile money is Google’s second-highest priority. In fact, as Eric notes, Google top three strategic priorities are all about mobile. They are going to be a big part of the mobile marketspace from now on.

In last year’s survey, Google/Android narrowly missed out to be the biggest story of the year but this year, the verdict was clear that Google will continue to dominate the headlines with Android devices and new updates and apps.
[From Always On Real-Time Access » 2011 Mobile Predictions Survey Results]

There’s a particular interest there for those of us who have long thought that NFC is going to be a gamechanger because customers find the convenience of contactless so attractive: it energises all sorts of applications, not only payments (actually, payments are rather dull – probably not the application that drives people into the stores to get NFC handsets).

Google is building a mobile wallet nicknamed “Cream,” which it plans to integrate with Android NFC phones that consumers could tap to pay in stores
[From Google Building an NFC Mobile Wallet; U.S. Banks Are Interested | NFC Times – Near Field Communication and all contactless technology.]

You can see where this is going. Banks will be offered a choice of loading their payment applications to the operator-controlled UICC or to the embedded secure element in Android phone, iPhones (rumoured to have NFC soon) and Blackberries (the first Blackberry devices with NFC are about to launch). Not only will these not be controlled by the bank, they won’t be controlled by the operator either. If the infrastructure for accepting NFC payments is simply more mobile phones, even mobile phones with knobs on, there’s no barrier to new types of payments sitting in those secure elements.

Anyway, back to the competitive landscape. If you were being negative about mobile operators, you might conclude that they’ve blown it: a couple of years ago they had the chance to get NFC moving on their terms, but they wouldn’t order the handsets. Now they’re going to have to work hard to get back into the value network. And a particular issue will be the basis of competition: what are they going to offer on their NFC platforms? I’ve mentioned before that I think identity is an area where innovation might generate something new for them, so perhaps the operators are developing new propositions around digital identity (the mobile passport or whatever), or couponing and loyalty, or sports, or event ticketing and management.

And so it is that accountants, banks and mobile phone companies see themselves as engaged in intense competition while customers think they are all the same. Competition as businesses perceive it is not at all the same as competition as consumers perceive it.
[From John Kay – Radical innovation rarely comes from within]

John is typically thought provoking, and surely correct. In the specific case of mobile, though, there’s another aspect: the operators ability to innovate, even if they wanted to, is being constrained.

The Verizon iPhone is exactly the same as the AT&T iPhone, just on a different network — and not even on Verizon’s fastest, latest network, which could have showcased Verizon’s strengths.
[From Why Verizon’s iPhone spells the end of the golden age for carriers | VentureBeat]

There’s a difficult line to tread when blogging: after all, we provide consultancy services to the industry and I have to try to balance the display of corporate expertise and depth of understanding with sensitivity to clients plans. I hope I won’t get in to trouble for saying that I think it is a real problem for some of our clients that their strategy people think about competition in conventional terms: operators, banks, schemes. These aren’t the people who will put them out of business — or, more likely, reduce them to pipes (for bits, money, data), which could still be a good business if they are operationally efficient — if they do nothing to respond to the challenge coming from the outsiders. Its going to be a fun year in mobile.

If you’re interested in learning more about this kind of thing, Consult Hyperion’s Head of Mobile Money, Paul Makin, will be presenting on the challenges that mobile presents to the financial services sector at Mobile Financial Services in London on March 15th-16th 2011. Do come along and join in the discussion.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

The nuclear options

17th January 2011by Consult Hyperion3 Comments

Nuclear power is scary, because of the fear of radiation (radiation itself doesn’t seem to be as bad for you as you might think) escaping and contaminating all around. But is it as scary as banking? There was an absolutely fascinating piece by Tim Harford in the Financial Times last weekend. It was called “What a nuclear reactor can teach us about the economy“, and it draws parallels between the way engineers build safety systems for nuclear reactors (broadly speaking, by applying science and learning from mistakes) and the way that regulators build safety systems for the banking system (broadly speaking, by making things up and not learning from mistakes). The key observation is that the banking system is complex:

It might seem obvious that the way to make a complex system safer is to install some safety measures. Engineers have long known that life is not so simple.
[From What a nuclear reactor can teach us about the economy]

What Tim is saying is that financial products such as Collateralised Debt Obligations (CDOs) and Credit Default Swaps (CDSs) appeared as safety systems (for spreading risk) and then, just like the coolant filter that got dislodged and jammed the coolant flow thus causing a partial meltdown of the Fermi reactor in Detroit, they blew up the system they were supposed to stabilise.

So what can the financial sector learn from the nuclear reactor sector, given this analogy? Well, using the example of Three Mile Island, Tim explains that one of the key reasons that the reactor came close to meltdown was that the operators couldn’t understand all of the dials, lights, warnings and other signals. As a consequence

since Three Mile Island, much attention has been lavished on the problem of telling the operators what they need to know in a format they can understand.

When the financial system started to melt down, regulators were faced with the same problem: given all of the warning lights flashing, given all of the alarms sounding, what was actually going on?

Andrew Haldane, director for financial stability at the Bank of England… argues that the same technologies now used to check the health of an electricity grid could be applied to a financial net- work map, highlighting critical connections, over-stressed nodes and unexpected interactions.

This analogy is imperfect in a couple of ways, of course, because banks can create money from nothing whereas electricity costs money to create and because electricity substations don’t lie to the national grid in order to get a bigger bonus, but you can see his point.

There’s one aspect of this that Tim didn’t explain though. Engineers don’t forget things, but financiers do. Once engineers have learned, for example, how not to build a bridge, then they stop building bad bridges. But bankers don’t work that way. They would stop building bridges that way for a short time, and then simply go back round and starting building collapsing bridges again a few years later.

What does this have to do with payment systems? I’d like to highlight two points: complexity and decoupling. We need to beware of complexity, to treat it as an enemy (the current case study of EMV illustrates this perfectly), and we need to decouple so that parts of complex systems can fail without bringing down to whole of the system. It seems to me that this prescription provides a pretty clear manifesto for payments: separate the payments systems from the banking system and have a lots of simple payment systems instead of a small number of complicated ones.

payments

Smart art

12th January 2011by Consult HyperionLeave a comment

As one of the legions of fans of the brilliant BBC / British Museum radio series on “A History of the World in 100 Objects“, I was absolutely fascinated by the episode on 14th-century Chinese paper money: follow the link and have a look at the beautiful picture of the Chinese banknote from 1375.

The Chinese writing along the top of this note reads (from right to left): ‘Da Ming tong xing bao chao’ and translates as Great Ming Circulating Treasure Note’
[From Chinese Ming bank note › The British Museum]

I love that name: Bank of England notes really should be inscribed “Circulating Lack of Treasure Note”. These notes had pictures of the “cash” (copper coins with holes in the middle, threaded on to a string) that they represented: ours should have a picture of… what? What do they represent?

Things have moved on a little since mulberry bark. Some of you may remember Paul Makin’s super presentation about “E-ink and smart banknotes” at the 13th Digital Money Forum in London back in March 2010. The presentation was based on some work that Consult Hyperion had been doing with the Bill & Melinda Gates Foundation. Less than a year on, it’s fascinating to see how the smart banknote technologies have evolved. Display technology, in particular, is advancing apace.

Quantum dot light emitting diodes (QLEDs) are an advanced technology currently in development that will deliver the ultimate solution for displays and lighting applications… QLEDs are only a couple hundred nanometers thick making them virtually transparent and flexible, and highly suitable for integration onto plastic or metal foil substrates as well as other surfaces[From QLED Technology]

Displays aren’t the only technology of interest here. I think we can focus down and think of a smart banknote as comprising four main technological components:

The note itself, made out of a plastic polymer rather than paper. This makes it durable and waterproof, important if it is to contain electronics. Some countries (eg, Australia) have already switched from paper to plastic for their banknotes and others (eg, Canada) are planning to follow. Plastic banknotes last much longer than paper ones, so the additional cost of production doesn’t stop them from being cost-effective.
The electronic ink display on the note. Electronic ink, as you’ll recall, only uses power when it is changing, so once the banknote display has been written then it will stay displaying the same thing until it changed.
The chip inside the banknote. Why do we need a chip inside the banknote? Well, we want the banknote to be secure: we don’t want it to be counterfeited or altered. And we need the banknote to be able to communicate intelligently with terminals.
The antenna connected to the chip. We want our smart banknote to work like an Oyster card, so that you only need to tap it to some form of terminal for it to work.

How would such a note be used? Well, imagine that you have a banknote that says “£10” on it. You to the coffee shop and spend £1.50 on a coffee. You tap the note on the till to pay, and the display now changes to say “£8.50”. When you get to work, your friend reminds you that you owe him £8 from the pub. You give him the note and he gives you a 50p coin in change. Your friend can absolutely trust that the value represented by the note is indeed £8.50 because the tamper-resistant chip and the cryptography it deploys make it impossible to counterfeit.

It’s hard to imagine the implications so a technology combination so radical in everyday use. Take just one aspect: the expense and complexity of engraving plates, adding holograms, printing fine detail and everything else that is needed to make notes hard to counterfeit

Modern banknotes contain up to 50 anti-counterfeiting features, but adding electronic circuits programmed to confirm the note’s authenticity is perhaps the ultimate deterrent, and would also help to simplify banknote tracking.
[From Banknotes go electric to outwit counterfeiters – tech – 21 December 2010 – New Scientist]

A smart banknote needs none of these, because its security depends on cryptography and the chip tamper-resistance. The state-of-the-art here is already more than adequate for purpose. There are other differences too: since the smart banknote works using contactless communications, there’s no reason for it to be a rectangle. The best smart banknote might be a ball, or a strip or a disc.

What would a banknote look like without security printing, freed from the tyranny of form factor and with a display that changes? That’s an interesting question. Since it’s about technology, it’s easy for people like me to imagine how a smart banknote might work. It’s much harder to imagine what it might look like, and that’s why Consult Hyperion have a launched a competition for artists to design a smart banknote. It’s going to work like this: the competition will run for a month from 21st January 2011 to 21st February 2011. During that time, artists are invited to submit a picture, sketch, diagram, draft, model or any other means of communicating their vision to art (at) chyp.com for consideration. All of the entries will be displayed at the Digital Money Forum website.

The artist Austin Houldsworth, who presented at the 12th Digital Money Forum in 2009, has been commissioned to review the entries and create a shortlist. The shortlisted candidates will be informed by 25th February 2011 and invited to come along to the Digital Money Forum on Thursday 3rd March to present their concept to our judging panel and you, the delegates. The panel will then select the winning entry and present them with a prize: in this case, an Apple iPad (although naturally the prestige associated with award outweighs the value of this base material prize).

As an aside, the Curator of Modern Money at the British Museum, Catherine Eagleton, will be speaking at the 14th annual Digital Money Forum in London in March, so if you would like to ask anything about the money objects featured in the radio series, don’t miss the opportunity to come along and meet a genuine expert.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

Dry

8th December 2010by Consult Hyperion2 Comments

[Dave Birch] Having said that I couldn’t see any circumstances in which I’d use a contactless card at my dry cleaners, I just did.

I went in with some dry cleaning which came to £11 or so. I took out my MasterCard and put it in the terminal, punched in my PIN and then waited a while for it to dial up and authorise. While this was going on, I noticed that the terminal was a new Ingenico i-series terminal with contactless interface. So, as an experiment, I bought £7 of shoe polish: the chap keyed in the transaction and sure enough the contactless interface lit up: I paid with my Visa contactless card which, since it was offline DDA, was instant. Excellent.

Continue reading “Dry”

London buses show us the way

7th December 2010by Consult Hyperion2 Comments

[Dave Birch] The Mayor of London, Boris Johnson, has been talking about the next major revolution to come in London transit ticketing.

Public transport travellers will be able to swipe credit or debit cards in the same way as Oyster cards by 2012, Boris Johnson revealed. The Mayor said the phased scheme will start on buses in the run-up to the Olympics and then move on to the Tube. Prices will be the same as with Oyster. Mr Johnson has also pledged that a “next generation” Oyster card will be released by 2014.
[From Commuters will soon be able to use credit cards like Oyster by 2012 | News]

What this all means is that visitors to London — and, indeed, Londoners — will no longer need to get prepaid Oyster cards. They will be able to use their bank cards (such as, for example, the one of the ten million cards that Barclays has already issued with contactless interfaces) to tap-and-go their way around town.

Continue reading “London buses show us the way”

Follow the pain

13th October 2010by Consult Hyperion7 Comments

[Dave Birch] Our friends over at PYMNTS have been asking an interesting question:

What is the biggest reason why contactless payment cards are not moving further along?
[From Why Hasn’t Contactless Ignited: PYMNTS Community Fires Back – pymnts.com]

They’ve had a lot of different answers, and it’s well worth looking through the various comments. I remain convinced that one of the biggest problems is the mismatch between bank channels and cash-replacement locations. In other words, cash doesn’t work properly in some locations, and this ought to be an opportunity to replace it. Someone commenting on the question said that “if it ‘aint broke, don’t fix it”. Well…

This was the scene on Clapham Junction station. I didn’t get my chocolate bar, they didn’t get a sale. This is where cash is a pain, and where contactless ought to be an alternative. In fact, there are plenty of places where cash is a pain: the car park, the vending machine, the bus, the stupid Smart Carte machine at San Francisco airport, and none of them take contactless. My dry cleaner does take contactless, but I’m sure his terminal will never, ever be used. At the Mobile Payments and Commerce conference in Brussels last year, I heard a lovely phrase from Christian Sere-Annichini. He was talking about low-value payments for parking meters, vending machines, newspapers, that kind of thing, and he called it “street commerce”. An ideally descriptive phrase, you know immediately what it means. I think I use it in every presentation on low-value, cash-replacement strategies from now on: s-commerce.

I wonder, though, if another problem — apart from the failure to address s-commerce — might be that it has proved difficult to communicate to the general public how contactless cards work and what the benefits might be. Therefore, I thought it might be useful to look to see what the public’s concerns are and try harder to answer them.

How does it work? Contactless cards use short-range wireless technology. The reader at the till picks up a signal from your card when it’s very close.
[From Contactless payments: Time to wave goodbye to cash | Money | The Guardian]

Well, not really. The cards have no power: they pick up power from the till and then respond to commands from the till. They don’t send out a signal until they’ve been powered by the till.

The retailer has to enter the amount for you to approve, you then have to hold your card in front of the reader at precisely the right time – and for more than half a second. The reader display will confirm your transaction.
[From Contactless payments: Time to wave goodbye to cash | Money | The Guardian]

I don’t know where the “half a second” thing comes from, the transactions are faster than that, and the reader will prompt when it is expecting a card. Admittedly, the issue about the retailer having to enter the amount is really, really annoying as it means that they have to mess about pressing buttons, which slows everything down.

But what if someone steals my card? To combat the risk of a thief going on a contactless spending spree, cardholders will, when they hit a certain number of transactions or amount of spending, have to enter their pin the next time they pay, typically, each time they rack up £50 spending.
[From Contactless payments: Time to wave goodbye to cash | Money | The Guardian]

As a contactless card holder, I can genuinely say that I don’t care, since it’s the banks’ problem and not mine. But nevertheless, this is a genuine concern for members of the general public and we do need to deal with the fact that journalists (in particular) really like to recycle stories about contactless card insecurity. Remember this?

the crew at BoingBoing TV has posted up a little demo of how easy cracking the RFID encryption on an American Express card can be. All it takes is an $8 dollar reader easily available on eBay
[From RFID credit cards easily hacked with $8 reader – Engadget]

I don’t understand the psychology, obviously, but it seems to be a case of a story that journalists want to hear, if you see what I mean. As a consequence, everything gets framed in terms of stupid banks (who, it appears, have spent millions developing a system that can be trivially-defrauded) and clever hackers who are sticking it to the man.

In some organizations, RFID cards aren’t just for entering doors; they’re also used to access computers. And in the case of RFID-enabled credit cards, RFID researcher Chris Paget, who gave a talk at DefCon, says the chips contain all the information someone needs to clone the card and make fraudulent charges on it
[From Feds at DefCon Alarmed After RFIDs Scanned | Threat Level | Wired.com]

Once again: you cannot “clone” a contactless card with this information and you cannot create a counterfeit magnetic stripe card because the “track 2 equivalent” data in the chip is not the same as the actual magnetic stripe track 2 data. Yes, data can be read from a contactless card, but it cannot be used to create another card!

RFID credit cards surfaced in Canada since 2006, when MasterCard started aggressively pushing its PayPass cards. Today, about 90 per cent of MasterCards in the country are RFID-enabled and the company aims for 100 per cent by the end of the year, said Scott Lapstra, vice-president of market development for MasterCard Canada.
[From CBC News – Consumer Life – New credit cards pose security problem]

Oh no! So many Canadians are already at risk from large-scale identity theft! All you have to do it walk down the road with an $8 reader and you can get the all of the card details that you like and then use them to go on a spending spree. Actually, no. You have to read a lot further down the article to find out that

The MasterCards in Johanson’s demonstrations were of a later model and didn’t cough up their cardholders’ names.
[From CBC News – Consumer Life – New credit cards pose security problem]

So let’s review. You can’t use the data to create a counterfeit magnetic stripe card and you can’t use the data to create a clone contactless card. But you can get readers for an alleged $8 — great, I’ll take ten. But that’s not what the public take away from this. It’s up to us to work harder to get the message across if we want contactless take-up to accelerate.

Continue reading “Follow the pain”

Why now?

6th October 2010by Consult Hyperion2 Comments

[Dave Birch] What accounts for the apparent resurgence of interest in the future of money? I saw yet another book about this at the airport yesterday (it’s called “The Future of Money“) and when I got home and searched for it on Amazon I found yet another book with the same title just released. So I ordered both of them, naturally, and will read them on upcoming plane rides. So why now?

On the technology side, we have the Internet, mobile phones and contactless infrastructure. The last time that the banking sector had a real go at revolutionising the means of exchange, back in the early 1990s, none of them were mass market. In fact, it could be argued that, in hindsight, efforts such as Mondex and Proton, Danmont and VisaCash, were optimally wrong. A bit like chip and PIN, they were designed to succeed in an environment that was on the verge of vanishing, luxury ski runs down a melting glacier. They were designed to flourish in an offline world, and none of us knew that the world was just about to go online. Now we understand that the technology that is changing money forever is not the smart card — not even the Internet — but the mobile phone. It is personal connectivity that is the currency catalysts, the transforming element. Yes the industry, it has to be said, tried many experiments around mobile payments we well. Mobile payment systems have changed the landscape forever in Kenya and the Philippines, but they haven’t yet got traction in Western Europe. There was an X-factor missing. Consumers consistently said that they would like us to use their phone for payments, but they constantly rejected what they were offered. It just wasn’t convenient to send and receive text messages with codes in at the counter in W.H. Smith, even when it did work.

Meanwhile, another big industry — transit — was already rolling out contactless cards and consumers in London, Hong Kong and Tokyo were enthusiastic adopters. Combining the “tap ‘n go” convenience of short range “proximity” interfaces with the power of the mobile phone and the flexibility of the Internet looks like a winning recipe. Even before the first commercial Near-Field Communication (NFC) payment service was rolled-out in Malaysia last year, pilots and trials around the world had already shown an astonishing customer reaction to the mixture.

The social drivers are all in place: people sort of expect mobile phones to handle payments. They don’t need convincing. We have the technology and we have consumers.

Continue reading “Why now?”